| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14125 | Cri | 0.64 | 9.8 | 0.03 | Sep 25, 2017 | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | ||
| CVE-2017-12905 | Cri | 0.65 | 10.0 | 0.03 | Sep 25, 2017 | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | ||
| CVE-2015-4667 | Cri | 0.68 | 9.8 | 0.11 | Sep 25, 2017 | Multiple hardcoded credentials in Xsuite 2.x. | ||
| CVE-2017-14723 | Cri | 0.58 | 9.8 | 0.10 | Sep 23, 2017 | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | ||
| CVE-2017-14706 | Cri | 0.69 | 9.8 | 0.28 | Sep 22, 2017 | DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12,… | ||
| CVE-2017-14080 | Cri | 0.64 | 9.8 | 0.03 | Sep 22, 2017 | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | ||
| CVE-2017-14078 | Cri | 0.68 | 9.8 | 0.50 | Sep 22, 2017 | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | ||
| CVE-2017-9393 | Cri | 0.64 | 9.8 | 0.02 | Sep 22, 2017 | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | ||
| CVE-2017-14637 | Cri | 0.64 | 9.8 | 0.02 | Sep 22, 2017 | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | ||
| CVE-2017-14636 | Cri | 0.64 | 9.8 | 0.01 | Sep 22, 2017 | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe]… | ||
| CVE-2017-9283 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2017 | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | ||
| CVE-2017-9282 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2017 | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | ||
| CVE-2017-7544 | Cri | 0.59 | 9.1 | 0.03 | Sep 21, 2017 | libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information… | ||
| CVE-2017-12170 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding… | ||
| CVE-2017-14652 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | ||
| CVE-2017-14648 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | ||
| CVE-2017-12930 | Cri | 0.67 | 9.8 | 0.03 | Sep 21, 2017 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | ||
| CVE-2017-12928 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | ||
| CVE-2015-1187 | Cri | 0.85 | 9.8 | 0.83 | KEV | Sep 21, 2017 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | |
| CVE-2015-5284 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2017 | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | ||
| CVE-2017-14632 | Cri | 0.64 | 9.8 | 0.06 | Sep 21, 2017 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | ||
| CVE-2017-14631 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. | ||
| CVE-2017-14630 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. | ||
| CVE-2017-14628 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. | ||
| CVE-2017-14626 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | ||
| CVE-2017-14625 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | ||
| CVE-2017-14624 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | ||
| CVE-2017-14596 | Cri | 0.64 | 9.8 | 0.06 | Sep 20, 2017 | In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | ||
| CVE-2015-6673 | Cri | 0.64 | 9.8 | 0.02 | Sep 20, 2017 | Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | ||
| CVE-2017-14608 | Cri | 0.59 | 9.1 | 0.02 | Sep 20, 2017 | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | ||
| CVE-2017-12611 | Cri | 0.67 | 9.8 | 0.88 | Sep 20, 2017 | In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. | ||
| CVE-2016-6795 | Cri | 0.57 | 9.8 | 0.08 | Sep 20, 2017 | In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | ||
| CVE-2015-4073 | Cri | 0.67 | 9.8 | 0.04 | Sep 20, 2017 | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the… | ||
| CVE-2017-8772 | Cri | 0.64 | 9.8 | 0.01 | Sep 20, 2017 | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires… | ||
| CVE-2017-8771 | Cri | 0.64 | 9.8 | 0.01 | Sep 20, 2017 | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the… | ||
| CVE-2015-4683 | Cri | 0.67 | 9.8 | 0.07 | Sep 19, 2017 | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | ||
| CVE-2014-8686 | Cri | 0.70 | 9.8 | 0.37 | Sep 19, 2017 | CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | ||
| CVE-2014-8684 | Cri | 0.65 | 9.8 | 0.72 | Sep 19, 2017 | CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic… | ||
| CVE-2017-12883 | Cri | 0.60 | 9.1 | 0.06 | Sep 19, 2017 | Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid… | ||
| CVE-2017-6315 | Cri | 0.68 | 9.8 | 0.17 | Sep 19, 2017 | Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | ||
| CVE-2017-14143 | Cri | 0.73 | 9.8 | 0.76 | Sep 19, 2017 | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via… | ||
| CVE-2017-10700 | Cri | 0.64 | 9.8 | 0.02 | Sep 19, 2017 | In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | ||
| CVE-2015-3431 | Cri | 0.64 | 9.8 | 0.04 | Sep 19, 2017 | Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | ||
| CVE-2014-9618 | Cri | 0.73 | 9.8 | 0.73 | Sep 19, 2017 | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. | ||
| CVE-2014-9611 | Cri | 0.68 | 9.8 | 0.13 | Sep 19, 2017 | Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | ||
| CVE-2014-8174 | Cri | 0.64 | 9.8 | 0.03 | Sep 19, 2017 | eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. | ||
| CVE-2017-10930 | Cri | 0.64 | 9.8 | 0.01 | Sep 19, 2017 | The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | ||
| CVE-2017-14532 | Cri | 0.64 | 9.8 | 0.03 | Sep 18, 2017 | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | ||
| CVE-2017-14512 | Cri | 0.64 | 9.8 | 0.01 | Sep 17, 2017 | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | ||
| CVE-2017-14244 | Cri | 0.68 | 9.8 | 0.17 | Sep 17, 2017 | An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. |
- risk 0.64cvss 9.8epss 0.03
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
- risk 0.65cvss 10.0epss 0.03
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
- risk 0.68cvss 9.8epss 0.11
Multiple hardcoded credentials in Xsuite 2.x.
- risk 0.58cvss 9.8epss 0.10
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
- risk 0.69cvss 9.8epss 0.28
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12,…
- risk 0.64cvss 9.8epss 0.03
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
- risk 0.68cvss 9.8epss 0.50
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
- risk 0.64cvss 9.8epss 0.02
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
- risk 0.64cvss 9.8epss 0.02
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.
- risk 0.64cvss 9.8epss 0.01
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe]…
- risk 0.64cvss 9.8epss 0.01
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
- risk 0.64cvss 9.8epss 0.01
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
- risk 0.59cvss 9.1epss 0.03
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information…
- risk 0.64cvss 9.8epss 0.02
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding…
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
- risk 0.64cvss 9.8epss 0.03
A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
- risk 0.67cvss 9.8epss 0.03
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
- risk 0.64cvss 9.8epss 0.03
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
- risk 0.85cvss 9.8epss 0.83
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
- risk 0.64cvss 9.8epss 0.01
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
- risk 0.64cvss 9.8epss 0.06
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
- risk 0.64cvss 9.8epss 0.02
In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow.
- risk 0.64cvss 9.8epss 0.02
In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation.
- risk 0.64cvss 9.8epss 0.02
In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
- risk 0.64cvss 9.8epss 0.06
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
- risk 0.64cvss 9.8epss 0.02
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
- risk 0.59cvss 9.1epss 0.02
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
- risk 0.67cvss 9.8epss 0.88
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
- risk 0.57cvss 9.8epss 0.08
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
- risk 0.67cvss 9.8epss 0.04
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the…
- risk 0.64cvss 9.8epss 0.01
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires…
- risk 0.64cvss 9.8epss 0.01
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the…
- risk 0.67cvss 9.8epss 0.07
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
- risk 0.70cvss 9.8epss 0.37
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
- risk 0.65cvss 9.8epss 0.72
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic…
- risk 0.60cvss 9.1epss 0.06
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid…
- risk 0.68cvss 9.8epss 0.17
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
- risk 0.73cvss 9.8epss 0.76
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via…
- risk 0.64cvss 9.8epss 0.02
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
- risk 0.64cvss 9.8epss 0.04
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
- risk 0.73cvss 9.8epss 0.73
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
- risk 0.68cvss 9.8epss 0.13
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
- risk 0.64cvss 9.8epss 0.03
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
- risk 0.64cvss 9.8epss 0.01
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
- risk 0.64cvss 9.8epss 0.01
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
- risk 0.68cvss 9.8epss 0.17
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.